[libvirt] [PATCH] nwfilter: Add filter schema for nwfilter XML, extend domain XML schema

This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input XMLs contain a lot of intentional out-of-range values that make them fail the schema verification, so I am not verifying against those. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com> --- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-) Index: libvirt-acl/docs/schemas/Makefile.am =================================================================== --- libvirt-acl.orig/docs/schemas/Makefile.am +++ libvirt-acl/docs/schemas/Makefile.am @@ -10,6 +10,7 @@ schema_DATA = \ storagepool.rng \ storagevol.rng \ nodedev.rng \ - capability.rng + capability.rng \ + nwfilter.rng EXTRA_DIST = $(schema_DATA) Index: libvirt-acl/libvirt.spec.in =================================================================== --- libvirt-acl.orig/libvirt.spec.in +++ libvirt-acl/libvirt.spec.in @@ -785,6 +785,7 @@ fi %{_datadir}/libvirt/schemas/interface.rng %{_datadir}/libvirt/schemas/secret.rng %{_datadir}/libvirt/schemas/storageencryption.rng +%{_datadir}/libvirt/schemas/filter.rng %{_datadir}/libvirt/cpu_map.xml Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- /dev/null +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -0,0 +1,783 @@ +<?xml version="1.0" encoding="UTF-8"?> +<grammar ns="" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <start> + <ref name="filter"/> + </start> + <define name="filter"> + <element name="filter"> + <ref name="filter-node-attributes"/> + <zeroOrMore> + <choice> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + <element name="uuid"> + <ref name="UUID"/> + </element> + </choice> + </zeroOrMore> + <zeroOrMore> + <element name="rule"> + <ref name="rule-node-attributes"/> + <optional> + <zeroOrMore> + <element name="mac"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="mac-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="arp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ip"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + <ref name="dscp-attribute"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ipv6"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="igmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmpv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + </element> + </zeroOrMore> + </element> + </define> + + <!-- ########### attributes of XML nodes ############ --> + + <define name="filter-node-attributes"> + <attribute name="name"> + <data type="NCName"/> + </attribute> + <optional> + <attribute name="chain"> + <choice> + <value>root</value> + <value>arp</value> + <value>ipv4</value> + <value>ipv6</value> + </choice> + </attribute> + </optional> + </define> + + <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + + <define name="rule-node-attributes"> + <attribute name="action"> + <ref name='action-type'/> + </attribute> + <attribute name="direction"> + <ref name='direction-type'/> + </attribute> + <optional> + <attribute name="priority"> + <ref name='priority-type'/> + </attribute> + </optional> + </define> + + <define name="match-attribute"> + <interleave> + <optional> + <attribute name="match"> + <choice> + <value>yes</value> + <value>no</value> + </choice> + </attribute> + </optional> + </interleave> + </define> + + <define name="srcmac-attribute"> + <interleave> + <optional> + <attribute name="srcmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-l2-attributes"> + <interleave> + <ref name="srcmac-attribute"/> + <optional> + <attribute name="srcmacmask"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="dstmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="dstmacmask"> + <ref name="addrMAC"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ip-attributes-p1"> + <interleave> + <optional> + <attribute name="srcipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="srcipmask"> + <ref name="addrMask"/> + </attribute> + </optional> + <optional> + <attribute name="dstipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipmask"> + <ref name="addrMask"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ip-attributes-p2"> + <interleave> + <optional> + <attribute name="srcipfrom"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="srcipto"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipfrom"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipto"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ipv6-attributes-p1"> + <interleave> + <optional> + <attribute name="srcipaddr"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="srcipmask"> + <ref name="addrMaskv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipaddr"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipmask"> + <ref name="addrMaskv6"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ipv6-attributes-p2"> + <interleave> + <optional> + <attribute name="srcipfrom"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="srcipto"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipfrom"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipto"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-port-attributes"> + <interleave> + <optional> + <attribute name="srcportstart"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="srcportend"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="dstportstart"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="dstportend"> + <ref name="uint16range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="icmp-attributes"> + <interleave> + <optional> + <attribute name="type"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="code"> + <ref name="uint8range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="mac-attributes"> + <interleave> + <optional> + <attribute name="protocolid"> + <ref name="mac-protocolid"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="arp-attributes"> + <interleave> + <optional> + <attribute name="arpsrcmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="arpsrcipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="arpdstmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="arpdstipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="hwtype"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="opcode"> + <ref name="arpOpcodeType"/> + </attribute> + </optional> + <optional> + <attribute name="protocoltype"> + <ref name="uint16range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="ip-attributes"> + <optional> + <attribute name="protocol"> + <ref name="ipProtocolType"/> + </attribute> + </optional> + </define> + + <define name="dscp-attribute"> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </define> + + <!-- ################ type library ################ --> + + <define name="UUID"> + <choice> + <data type="string"> + <param name="pattern">[a-fA-F0-9]{32}</param> + </data> + + <data type="string"> + <param name="pattern">[a-fA-F0-9]{8}\-([a-fA-F0-9]{4}\-){3}[a-fA-F0-9]{12}</param> + </data> + </choice> + </define> + + <define name="addrMAC"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define> + + <define name="addrIP"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param> + </data> + </choice> + </define> + + <define name="addrIPv6"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])?</param> + </data> + </choice> + </define> + + <define name="addrMask"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">32</param> + </data> + + <data type="string"> + <param name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param> + </data> + </choice> + </define> + + <define name="addrMaskv6"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">128</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)</param> + </data> + </choice> + </define> + + <define name="sixbitrange"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">63</param> + </data> + </choice> + </define> + + <define name="mac-protocolid"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">1536</param> + <param name="maxInclusive">65535</param> + </data> + + <choice> + <value>arp</value> + <value>ipv4</value> + <value>ipv6</value> + </choice> + </choice> + </define> + + <define name="uint8range"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">255</param> + </data> + </choice> + </define> + + <define name="uint16range"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">65535</param> + </data> + </choice> + </define> + + <define name="arpOpcodeType"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">65535</param> + </data> + + <data type="string"> + <param name="pattern">([Rr]eply|[Rr]equest|[Rr]equest_[Rr]everse|[Rr]eply_[Rr]everse|DRARP_[Rr]equest|DRARP_[Rr]eply|DRARP_[Ee]rror|InARP_[Rr]equest|ARP_NAK)</param> + </data> + + </choice> + </define> + + <define name="ipProtocolType"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">255</param> + </data> + + <choice> + <value>tcp</value> + <value>udp</value> + <value>udplite</value> + <value>esp</value> + <value>ah</value> + <value>icmp</value> + <value>igmp</value> + <value>sctp</value> + <value>icmpv6</value> + </choice> + </choice> + </define> + + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> + + <define name='action-type'> + <choice> + <value>drop</value> + <value>accept</value> + </choice> + </define> + + <define name='direction-type'> + <choice> + <value>in</value> + <value>out</value> + <value>inout</value> + </choice> + </define> + + <define name='priority-type'> + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">1000</param> + </data> + </define> +</grammar> Index: libvirt-acl/tests/Makefile.am =================================================================== --- libvirt-acl.orig/tests/Makefile.am +++ libvirt-acl/tests/Makefile.am @@ -74,6 +74,7 @@ EXTRA_DIST = \ xml2vmxdata \ nwfilterxml2xmlout \ nwfilterxml2xmlin \ + nwfilterschematest \ $(patsubst %,qemuhelpdata/%,$(qemuhelpdata)) noinst_PROGRAMS = virshtest conftest \ @@ -120,7 +121,8 @@ test_scripts = \ storagepoolschematest \ storagevolschematest \ domainschematest \ - nodedevschematest + nodedevschematest \ + nwfilterschematest if WITH_LIBVIRTD test_scripts += \ Index: libvirt-acl/tests/nwfilterschematest =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterschematest @@ -0,0 +1,11 @@ +#!/bin/sh + +: ${srcdir=.} +. $srcdir/test-lib.sh +. $abs_srcdir/schematestutils.sh + +DIRS="nwfilterxml2xmlout" +SCHEMA="nwfilter.rng" + +check_schema "$DIRS" "$SCHEMA" + Index: libvirt-acl/docs/schemas/domain.rng =================================================================== --- libvirt-acl.orig/docs/schemas/domain.rng +++ libvirt-acl/docs/schemas/domain.rng @@ -894,6 +894,11 @@ <optional> <ref name="address"/> </optional> + <optional> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + </optional> </interleave> </define> <!-- @@ -1577,6 +1582,22 @@ </element> </define> + <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + <!-- Type library @@ -1737,4 +1758,14 @@ <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param> </data> </define> + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> </grammar>

On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input XMLs contain a lot of intentional out-of-range values that make them fail the schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
--- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-)
[...]
+ <define name="addrMAC"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define>
Hum, can you explain why you get apparently 2 completely different format values ranges here (and in a number of other types), I'm a bit lost. [...]
Index: libvirt-acl/docs/schemas/domain.rng =================================================================== --- libvirt-acl.orig/docs/schemas/domain.rng +++ libvirt-acl/docs/schemas/domain.rng @@ -894,6 +894,11 @@ <optional> <ref name="address"/> </optional> + <optional> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + </optional> </interleave> </define> <!-- @@ -1577,6 +1582,22 @@ </element> </define>
+ <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + <!-- Type library
@@ -1737,4 +1758,14 @@ <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param> </data> </define> + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> </grammar>
I just find parameter-name/parameter-value a bit too generic names, if you could make them more specific to the task, like filter-param-name / filter-param-value but it's minor, and it's good to have updated schema and augmented testing ACK Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 09:10:11 AM:
Please respond to veillard
On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input XMLs contain a lot of intentional out-of-range values that make them fail
the
schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
--- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-)
[...]
+ <define name="addrMAC"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define>
Hum, can you explain why you get apparently 2 completely different format values ranges here (and in a number of other types), I'm a bit lost.
Every item in the network filter xml can be a variable like $MAC or $IP. So for the schema to validate a srcmacaddr="$MAC" I needed to add the above 'variable' pattern. I had a lot of problems finding a way to require a $ as first letter and I ended up having to use the [\\$]{1} construct. Also I could not find a switch for non-case-sensitive string comparison like other regexes have (?i) or \i for example... I suppose there is none.
[...]
Index: libvirt-acl/docs/schemas/domain.rng =================================================================== --- libvirt-acl.orig/docs/schemas/domain.rng +++ libvirt-acl/docs/schemas/domain.rng @@ -894,6 +894,11 @@ <optional> <ref name="address"/> </optional> + <optional> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + </optional> </interleave> </define> <!-- @@ -1577,6 +1582,22 @@ </element> </define>
+ <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + <!-- Type library
@@ -1737,4 +1758,14 @@ <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param> </data> </define> + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> </grammar>
I just find parameter-name/parameter-value a bit too generic names, if you could make them more specific to the task, like filter-param-name / filter-param-value
but it's minor, and it's good to have updated schema and augmented testing
Ok, so I will rename those two to the names you suggest. Should I post again before pushing it to the repository? Stefan
ACK
Daniel
-- Daniel Veillard | libxml Gnome XML XSLT toolkit
daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

On Tue, Apr 06, 2010 at 09:21:50AM -0400, Stefan Berger wrote:
Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 09:10:11 AM:
Please respond to veillard
On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input XMLs contain a lot of intentional out-of-range values that make them fail
the
schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
--- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-)
[...]
+ <define name="addrMAC"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define>
Hum, can you explain why you get apparently 2 completely different format values ranges here (and in a number of other types), I'm a bit lost.
Every item in the network filter xml can be a variable like $MAC or $IP. So for the schema to validate a srcmacaddr="$MAC" I needed to add the above 'variable' pattern.
Ah, okay, I understand now !
I had a lot of problems finding a way to require a $ as first letter and I ended up having to use the [\\$]{1} construct. Also I could not find a switch for non-case-sensitive string comparison like other regexes have (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are defined in this appendix http://www.w3.org/TR/xmlschema-2/#regexs character $ has no special meaning in XML so doesn't need any escaping http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc <param name="pattern">$[a-zA-Z0-9_]+</param> should just work fine I think, can you try ? If yes that's worth fixing before the push :-) [...]
I just find parameter-name/parameter-value a bit too generic names, if you could make them more specific to the task, like filter-param-name / filter-param-value
but it's minor, and it's good to have updated schema and augmented testing
Ok, so I will rename those two to the names you suggest. Should I post again before pushing it to the repository?
nahh, fine ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 11:40:02 AM:
Please respond to veillard
Ah, okay, I understand now !
I had a lot of problems finding a way to require a $ as first letter
and I
ended up having to use the [\\$]{1} construct. Also I could not find a
switch for non-case-sensitive string comparison like other regexes have (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are defined in this appendix http://www.w3.org/TR/xmlschema-2/#regexs character $ has no special meaning in XML so doesn't need any escaping http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing before the push :-)
$ is the end of line indicator in regular expressions. I needs to be escaped, at the least. I did push it already. Stefan
[...]
I just find parameter-name/parameter-value a bit too generic names, if you could make them more specific to the task, like filter-param-name / filter-param-value
but it's minor, and it's good to have updated schema and augmented testing
Ok, so I will rename those two to the names you suggest. Should I post
again before pushing it to the repository?
nahh, fine !
Daniel
-- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

On Tue, Apr 06, 2010 at 12:28:27PM -0400, Stefan Berger wrote:
Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 11:40:02 AM:
Please respond to veillard
Ah, okay, I understand now !
I had a lot of problems finding a way to require a $ as first letter
and I
ended up having to use the [\\$]{1} construct. Also I could not find a
switch for non-case-sensitive string comparison like other regexes have (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are defined in this appendix http://www.w3.org/TR/xmlschema-2/#regexs character $ has no special meaning in XML so doesn't need any escaping http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing before the push :-)
$ is the end of line indicator in regular expressions. I needs to be escaped, at the least.
Not in XML Schemas regexp, see my link search for '$' as posted http://www.w3.org/TR/xmlschema-2/#regexs ---------------------------------- Note: Unlike some popular regular expression languages (including those defined by Perl and standard Unix utilities), the regular expression language defined here implicitly anchors all regular expressions at the head and tail, as the most common use of regular expressions in ·pattern· is to match entire literals. ---------------------------------- Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 11:40:02 AM:
Please respond to veillard
On Tue, Apr 06, 2010 at 09:21:50AM -0400, Stefan Berger wrote:
Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 09:10:11 AM:
Please respond to veillard
On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input
XMLs
contain a lot of intentional out-of-range values that make them fail the schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
--- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-)
[...]
+ <define name="addrMAC"> + <choice> + <!-- variable --> + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define>
Hum, can you explain why you get apparently 2 completely different format values ranges here (and in a number of other types), I'm a bit lost.
Every item in the network filter xml can be a variable like $MAC or $IP. So for the schema to validate a srcmacaddr="$MAC" I needed to add the above 'variable' pattern.
Ah, okay, I understand now !
I had a lot of problems finding a way to require a $ as first letter and I ended up having to use the [\\$]{1} construct. Also I could not find a
switch for non-case-sensitive string comparison like other regexes have (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are defined in this appendix http://www.w3.org/TR/xmlschema-2/#regexs character $ has no special meaning in XML so doesn't need any escaping http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing before the push :-)
My mistake. I could replace it everywhere and it works fine. I'll push this fix. - <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + <param name="pattern">$[a-zA-Z0-9_]+</param> Stefan

On Tue, Apr 06, 2010 at 03:29:08PM -0400, Stefan Berger wrote:
Daniel Veillard <veillard@redhat.com> wrote on 04/06/2010 11:40:02 AM:
right. We are using XML Schemas datatype here, and the regexps are defined in this appendix http://www.w3.org/TR/xmlschema-2/#regexs character $ has no special meaning in XML so doesn't need any escaping http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing before the push :-)
My mistake. I could replace it everywhere and it works fine. I'll push this fix.
- <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + <param name="pattern">$[a-zA-Z0-9_]+</param>
okay, thanks :-) Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
participants (2)
-
Daniel Veillard
-
Stefan Berger